Individuals, corporations, and government entities require a robust means to authenticate—identify and verify the authority—of human beings, computers, or other digital devices to access a communications or computing network. Digital certificates are often used as the means to authenticate human beings, computers, or other digital devices to access a network. For example, digital certificates are used in a number of applications that require strong authentication including online banking and high assurance communication systems.
Current authentication solutions process certificate activities, such as signing a certificate or revoking a previously signed certificate, in electronic form. Such electronic authentication solutions may include processing data packets on a network, files stored on a memory storage device—such a compact disk, or any other type of electronic format. Unfortunately these electronic authentication solutions are subject to malicious attacks that diminish the security of the certificate authority. The existing electronic authentication solutions have many other negative aspects such as their complexity, high expense, or the fact that they are always connected to the Internet. The existing electronic authentication solutions also require tight security, both physical and virtual, to protect the certificate authentication servers from malicious attacks. Thus there is a strong need for a electronic authentication solution that is more simplified, less expensive, and less vulnerable to malicious attacks when compared to existing electronic authentication solutions.
This invention provides a novel solution in which the signing certificate server is decoupled from the network. This invention enables a superior guard function that relies on manual, or automated, media conversion to process certificate activities. This invention removes all known remote attack methods while providing strong data integrity for certificate processing activities. This invention reduces the cost and complexity of physical security of the signing certificate server.